function acquia_spi_security_review_check_file_perms in Acquia Connector 6.2
Same name and namespace in other branches
- 7.3 acquia_spi/security_review.inc \acquia_spi_security_review_check_file_perms()
- 7.2 acquia_spi/security_review.inc \acquia_spi_security_review_check_file_perms()
Check that files aren't writeable by the server.
1 string reference to 'acquia_spi_security_review_check_file_perms'
- _acquia_spi_security_review_security_checks in acquia_spi/
security_review.inc - Checks for acquia_spi_security_review_get_checks().
File
- acquia_spi/
security_review.inc, line 222 - Stand-alone security checks and review system.
Code
function acquia_spi_security_review_check_file_perms() {
$result = TRUE;
// Extract ending folder for file directory path.
$file_path = './' . rtrim(file_directory_path(), '/');
// Set files to ignore.
$ignore = $ignore = array(
'..',
'CVS',
'.git',
'.svn',
'.bzr',
$file_path,
);
$files = _acquia_spi_security_review_check_file_perms_scan('.', $ignore);
// Try creating or appending files.
// Assume it doesn't work.
$create_status = $append_status = FALSE;
$directory = drupal_get_path('module', 'security_review');
// Write a file with the timestamp
$file = './' . $directory . '/file_write_test.' . date('Ymdhis');
if ($file_create = @fopen($file, 'w')) {
$create_status = fwrite($file_create, t("This is a vulnerable directory.\n"));
fclose($file_create);
}
// Try to append to our IGNOREME file.
$file = './' . $directory . '/IGNOREME.txt';
if ($file_append = fopen($file, 'a')) {
$append_status = fwrite($file_append, date('Ymdhis') . "\n");
fclose($file_append);
}
if (count($files) || $create_status || $append_status) {
$result = FALSE;
}
return array(
'result' => $result,
'value' => $files,
);
}